CVE-2024-54931

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 9, 2024
Updated: Dec 11, 2024
CWE ID 89

Summary

CVE-2024-54931 is a SQL Injection vulnerability affecting the kashipara E-learning Management System version 1.0. The issue resides in the /admin/delete_event.php file, where the id parameter is not properly sanitized. This allows remote attackers to inject malicious SQL commands, thereby gaining unauthorized access to the database. Successful exploitation could lead to data theft, modifications, or even system compromise. It is crucial for users to apply the necessary patches or updates to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • E-Learning Management System

Affected Vendors

  • Kashipara